avaddon

Sharing

Copy URL

Twitter E-mail

General

Target

c7c9f8f68348fbd26aae20c9ccb1aefd1cfce63897efa4c64abe7ac480253259.zip
Size

2.6MB
Sample

240402-qer9naah2w
MD5

50fdfe71a006963e4a0359884e3b1d1b
SHA1

2efb4a13d9f1c67ee9f6649448b5c778028106e1
SHA256

e8494f6e8bb3473d2826711a2e5b735e23ec8fc0f6b7ce0b939856f6f264dc93
SHA512

990bbdf06f816af8d40b8e401f688ff4db6e59bf591e0189c809af4124a4056d6bc7b81973dc1e14aa621dde58dedf6aed1d30384a11bf546c0f6b49e14328f4
SSDEEP

49152:mlCjw5Tg1XLhwEFgn8TN3ldJJhiw/QmW7QXCbsy+D2s8b:mscxg1iE6n8TlldLhiw7XaZ425b

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\5XtEx_readme.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .baaaeacbEA You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzc3LTVFelhmRFNLVHpCL1BHT0dhdXpuNXoxMVVVZ1FqWlN1SmNhdWovNG4vS0FNMml3bm1lRTJjN1ZKYnVKdUM2ODVtY0lvNEF2MHBDWTdFYmJnNXRZTkg3cUswZ0pWWkpxRGJ6a0FENTQ0aThnZ3grSU9MaGtSb0FnNTNKbTEwMi8zdFI0cnA4ZzNIN3A3VkttRjUyWXVhaTZRNTV0bGlFMVpNTHo1VUlEL3ZPQVpFR04zQWNCYkRSYkVzOTNuZGVvaHJVRkJ0SHNUamJUdXJaMWlsWmRQcWFBWmhZcWsyUlJNSXp5eHNZS2JDOWJWTVYzTlAxTWttTXBEdUl3ZUVHNG9mQnFFZ2lid1RIYU5ISWhlS0JFSWRIYVNvN0c2SkpKdGRTaE9MWGxCYmNIZXhLR0pJaUhDSnFuck1FSmhkYjhBQVlxSkJvVDBCb2JlQkU5SlpEMzlxSzlMcWRicVNkOVpBWlBnMzNLVDdwSnl3VEVoWWpMQlZXQlB5Q2drZFlxbGVpUjV4amxDSzJPTFZpdkdTeDE0SExOODdpSEV4eTdhcU96K0NJOFp2cDBJM3B0VkwzVXg3WEdRWFJIbWk4eldDd3luc2lPaEloaWE1ZEtPZUtIT3hiZVdWQi96QSszU1p6NiszRGF2dnQzeUVrZ01PVCtjYlduMXFCeTNTV05JL1dHTjZIb2dYRFlBQ0UwOU91OUxyNE05RjZZVUpTV0E5SGo2dlYrRFMwTlkwazJuakFNdG9JQ0FpS2NDTDlKQzNMa0FqbnVJNzE4TUFHVkZhMVkxNFNyK2RLbEFNWHYzbEVLZ0hpcFhldkR2RjdxYUMxWWhieXZGYlNmZ2xZLy96a29oNjV2OCt2Tk5QMXRlZDhaTlliWWhyLzE1akltQ2pKNkN4aGk3ZGd6Z0g4RGZtS3pCeXNhSVFhQTBZeFkyazIvbEl1MHlKZ296UjNKTGhwcU5jaXZPYlh1L2RGVEl6Z2U4M3hZNmluemhKTnVYVDgvWkdhSTByUzdqKzlsMDVDZFNmanp0eG5lcTk0cndFOFkrQktHTklCeWlWam5HcEk5ZmJyYTNpazVTeC9FVjVKM1g3aU1JRHYxa2NJZUZkbzBaWmw1VTdqdlhpSEdYSE9kdXR4RHNCY0FvaHoxWkZkRXdEVHZia05NdS81clFqeFY1T2hTN05EOVVaSGRWUnArK1V0bFNHYTZxTC92VCtVQ0xWa3g4UFplTnlSWkE5ckJFWEVMQ1lXUmlEWjRFbFgyb2hVaU9mMHN0c29DUWpuTWFpTW9Ga3lZMWlRdmhteWlNQU16Z3lDc3VjeGFDanhFNzFaem54dTVBMndkWno3OG9DUWdjS1hCVDVDZURCa09lbERhRnlUbk5FWXFiLzIxemlTM0R0a2FXSzRkbFRGbCs1cktudVE0eFdQNkRmV1ZTei9jZUk5VE9uOThxY0RxdEpJOElYM29KT1FNRE4xUE02ZzBXUDAvanRnbTJuQ1dpMUF2TDlYZkdBWU5rY29ZcUFBY3V2VW9tNmlrWUJueUNtVWR4cmxXNmd5V2I1bWlFOEJaTzUrcWk1SUNaMjJ4WURmMjZSbGk3Tk1RNjhHYnZDU3oxZHlScEx6U2lTaXNPRm5JUDJvc3Z0NlVQVFlseDNqVW41TFpzTmxZNzVycU1aeU5UZWZLcFZabHNUTmk3TjFhWDQ4MVA1NkJoWmJsbmpyWC9xajBuRWJxcytMUy94NkdSQ0s2a1pESmN3TFN2RTlERmN4d2NBZ1NlNTFYMFpta3FtYXA4U3FEV3QwYlN3d2xxR1BHZnkrODlGdC9JWmZXNUNpNUZaRUtZRzdQYjdTUTBSWlArT1dZbVQ4UmZnL2s4cUVzZlU3NHBoSm5qa1RZci95WWh6MFMyN3RpMkdaRjhLWkE3WnhhWjZLMWNJdjFvYllWL3NoSW0yemJRK2phM2ovaEhnczhpdXZCdFFxdDV3MGZUQW5QVVlvcklDOW9uZDBiTC8xdDVYTkhvMXU5ZkhWa29YODZFS1l0a200enZ1WHk1Z1MraHNqYjB3cUkzVEhhbWlncTJKM05PK0FUVTdSNHJhaTFqN05NYlBPTTRxT1lnSFJmRFFtdU8wMUQ3aTlQQzZxMVh2VmVRN08vbitadlJvUzVJRXdqM0tKc3RPY0xMNm5nZjZoMzEvdVVKcmYyRXZCYW81SXk5MmpnbTNWeWEvODc1 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * Q0ja6TYURE6owI3qSXpdidxt

URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Desktop\5XtEx_readme.txt

Family

avaddon

Ransom Note

URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Downloads\5XtEx_readme.txt

Family

avaddon

Ransom Note

URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Favorites\MSN Websites\5XtEx_readme.txt

Family

avaddon

Ransom Note

URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Pictures\5XtEx_readme.txt

Family

avaddon

Ransom Note

URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\5XtEx_readme.txt

Family

avaddon

Ransom Note

URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Desktop\O6T8af_readme.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .aCdEdDadAC You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzc3LVF3TXVlWko0dEJTbG9abno4Mm0yKy8vK2JNK080Q1FpRUw4anZRZW9oOCtRMHRBR1BaSXlsZ1VsYnpnMkZ0VHZFZDJSblcvWVdhUmFXVTk0YjdLZEZwek9yQXZaNVlNMmxnZTJPRWUwNlNzWHpuZUppSkFWYzZtSU1FUThrNFdwSEpCMDNtVzhPdHNZMEtVRkthMGwzVys2RkdPR3NkMWhjQ1ZmQmZJMEF1WE9heFpWMllITTRqb2l5Y3FJdlFPQ0VRaHBOd2NFU2xTKzJXL0xLdDN3cHQ5Y2w2elgwYWhpeFJLemp4QURjYjM5L3pCZC9Rc1ZONjBwZGxMRExoMllkd0xEamQ5OUlBZmwxRk40VmZZaElIQm9mU0dMSVZSK1pzV0xoQ3hTZVA3cEJsWkxWcXkzKzJUditZWkgrdUFiZmw1NTJwditKWU4rZEkwWlRtR01TTG1WWE5HanZFckNmUlplT01FK0NZRlZuK1ZJV1Q2UFJBNmt6aDRQemZKaFdhUkwvUUJEZ1lxQ3lGZTJYQURVK3pmYmpQOGN2clp3THBGbmw1SVVzVFJ5Q2ZVeG9SRjd0OFRiYklqWnVQYkVKZDk1TFVIT2Zrc1FCQnRaN2lsV0c4N0ovd3RLeTFHekZUOEJLUWsyNklBRlhMU3NHRklTRzNWR3Fmam03NHhIRjF2WnMzekFtcS92YXBoaHl5SjVORlV6cEkxWGdpNDl2Z1psNVY5d0JoZzBTV0FGTE9jZG1pckJXYllaZzNyZmtzMUhQTnJMRzhJSXM2U3IxVzhtQzVMUkpjTVRDMTFsOVd6c3FBWTIvdnV2Ti9GUmdTVXdaV0xPQzk0bUhqTkNMNHdMVHc0MU1XYkk4cGNTMjB6L0VOMW9MaitjaUxTTkZ0MzFwMmVoc1l1TGZLSjBRNjgyNUNBZWdBOGM0TGlPTytrVm0xU2lja1RLUzZ0T2JWYW9GRFVsanRFbXRzb1JhNnpTb2pZd1ZwSU81UTZBY3MvMlZNbTB3UzZpNzkwLzA3Q0l6TlBlOEhodlRDWGM1VVI4c0ZyYUl5S2tPSFFIRjBYZzVZOFo3WEUxOXhEdWZ6cG5Qa0oyblUxK0xiWWxSc3NFWnFBUjMxZWt4WFZvMEI2TnhuaEpwbmoxcTdQZE9jL2lPbUVpczRJZlNrYmRreDRMMklzN0hjWDNycVBIMWF2a2tFUitJNGRDNzRrNmFKdGlDZjdKYkt5Nk1lWkNNZFdCQkNJcTdqZ2Y2amJURXhXeTROQ2MydzJGdWxKY29MR2JIQ0kyays3MjJYT3lZWGNKVEgvcnpFaVZHWHJ4c2NsYjZnMjZMNDlYSmkyWVR3WTJvZXNpdHl4dTMzekE0NVIzZXd4Ny95VGRLRW9KbERWaUpqZGtUb2lIaEdmcUp0UnNjRThlaVNzd2dZZEQ3TXlqdWJQbGlmMTJBd1F1N29mdnVaZ2RnV1ErZ2xpU3NBNHEzY0g2SmJIRFdCQ1Z6ZFIwTzJXMG4vNzRUZ2xwM3R5eFdNYUk3TzZSTDBHUGdJdTQvMmlPVmdpVjU3ZXFKeWkwUGhiZWlGa0YySysxWlZEbTAzNzFWMFd6YlBwdXpjMStJc29vbWVmL1ozL3FwZXB5YmM0eEJXZnAxb1NBV2F4QTVkbEJDb1V1bEFlaHFDK3VVYUh4bmIyOXAwTXVpSGQxcXRQTlpJWFhwaXh5V0g5TDZnOVlZRXNsbmg1MW9pQkhmbTk1cGZ3eXJib0tIeTN5SGNzSE94S1BKU0psZUJEUHhodmpQYngzdzZrd3YxTFE3R3RINHlrR0thM3VtYktsTWs3MC9Ba0FLd2F0T3JTckxhdUNpMTMydkxWZnhhQXoxRzR0aldrbXIxZTFIRzJhdUlqMjUxRnBJR1kxd0xFaXhCbzNjV003K3NiRmI1T054bXluczVSNGhCelEzZ2YzeGdjWTRyOWwzNCs4cXBubVN1dlY4UkdtZmhMMDFJRnpQOUFqM2hhQndxOEg4SEY5V0grQUVhY0FqY0ZqMmpBS2dyS1BSTDFIZDJSTU5wem9INDN1ZmlMQ0IrcDBzMjhsM1lLNHI2U2N5Tk9SMWozMUM2TVRWTnVYNzNOUHc1aWNwelhXVm1peGJpK3hmOUM2KzA4Y2tnM3NBL3NwQnBhRUVSSXAzdzduclRxUit0U0JVOTZKZVFHSEtuOW5Gdnpod0tYSUFxbFlXdzVK -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * KaOZvxEfyb

URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Downloads\O6T8af_readme.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .aCdEdDadAC You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzc3LVF3TXVlWko0dEJTbG9abno4Mm0yKy8vK2JNK080Q1FpRUw4anZRZW9oOCtRMHRBR1BaSXlsZ1VsYnpnMkZ0VHZFZDJSblcvWVdhUmFXVTk0YjdLZEZwek9yQXZaNVlNMmxnZTJPRWUwNlNzWHpuZUppSkFWYzZtSU1FUThrNFdwSEpCMDNtVzhPdHNZMEtVRkthMGwzVys2RkdPR3NkMWhjQ1ZmQmZJMEF1WE9heFpWMllITTRqb2l5Y3FJdlFPQ0VRaHBOd2NFU2xTKzJXL0xLdDN3cHQ5Y2w2elgwYWhpeFJLemp4QURjYjM5L3pCZC9Rc1ZONjBwZGxMRExoMllkd0xEamQ5OUlBZmwxRk40VmZZaElIQm9mU0dMSVZSK1pzV0xoQ3hTZVA3cEJsWkxWcXkzKzJUditZWkgrdUFiZmw1NTJwditKWU4rZEkwWlRtR01TTG1WWE5HanZFckNmUlplT01FK0NZRlZuK1ZJV1Q2UFJBNmt6aDRQemZKaFdhUkwvUUJEZ1lxQ3lGZTJYQURVK3pmYmpQOGN2clp3THBGbmw1SVVzVFJ5Q2ZVeG9SRjd0OFRiYklqWnVQYkVKZDk1TFVIT2Zrc1FCQnRaN2lsV0c4N0ovd3RLeTFHekZUOEJLUWsyNklBRlhMU3NHRklTRzNWR3Fmam03NHhIRjF2WnMzekFtcS92YXBoaHl5SjVORlV6cEkxWGdpNDl2Z1psNVY5d0JoZzBTV0FGTE9jZG1pckJXYllaZzNyZmtzMUhQTnJMRzhJSXM2U3IxVzhtQzVMUkpjTVRDMTFsOVd6c3FBWTIvdnV2Ti9GUmdTVXdaV0xPQzk0bUhqTkNMNHdMVHc0MU1XYkk4cGNTMjB6L0VOMW9MaitjaUxTTkZ0MzFwMmVoc1l1TGZLSjBRNjgyNUNBZWdBOGM0TGlPTytrVm0xU2lja1RLUzZ0T2JWYW9GRFVsanRFbXRzb1JhNnpTb2pZd1ZwSU81UTZBY3MvMlZNbTB3UzZpNzkwLzA3Q0l6TlBlOEhodlRDWGM1VVI4c0ZyYUl5S2tPSFFIRjBYZzVZOFo3WEUxOXhEdWZ6cG5Qa0oyblUxK0xiWWxSc3NFWnFBUjMxZWt4WFZvMEI2TnhuaEpwbmoxcTdQZE9jL2lPbUVpczRJZlNrYmRreDRMMklzN0hjWDNycVBIMWF2a2tFUitJNGRDNzRrNmFKdGlDZjdKYkt5Nk1lWkNNZFdCQkNJcTdqZ2Y2amJURXhXeTROQ2MydzJGdWxKY29MR2JIQ0kyays3MjJYT3lZWGNKVEgvcnpFaVZHWHJ4c2NsYjZnMjZMNDlYSmkyWVR3WTJvZXNpdHl4dTMzekE0NVIzZXd4Ny95VGRLRW9KbERWaUpqZGtUb2lIaEdmcUp0UnNjRThlaVNzd2dZZEQ3TXlqdWJQbGlmMTJBd1F1N29mdnVaZ2RnV1ErZ2xpU3NBNHEzY0g2SmJIRFdCQ1Z6ZFIwTzJXMG4vNzRUZ2xwM3R5eFdNYUk3TzZSTDBHUGdJdTQvMmlPVmdpVjU3ZXFKeWkwUGhiZWlGa0YySysxWlZEbTAzNzFWMFd6YlBwdXpjMStJc29vbWVmL1ozL3FwZXB5YmM0eEJXZnAxb1NBV2F4QTVkbEJDb1V1bEFlaHFDK3VVYUh4bmIyOXAwTXVpSGQxcXRQTlpJWFhwaXh5V0g5TDZnOVlZRXNsbmg1MW9pQkhmbTk1cGZ3eXJib0tIeTN5SGNzSE94S1BKU0psZUJEUHhodmpQYngzdzZrd3YxTFE3R3RINHlrR0thM3VtYktsTWs3MC9Ba0FLd2F0T3JTckxhdUNpMTMydkxWZnhhQXoxRzR0aldrbXIxZTFIRzJhdUlqMjUxRnBJR1kxd0xFaXhCbzNjV003K3NiRmI1T054bXluczVSNGhCelEzZ2YzeGdjWTRyOWwzNCs4cXBubVN1dlY4UkdtZmhMMDFJRnpQOUFqM2hhQndxOEg4SEY5V0grQUVhY0FqY0ZqMmpBS2dyS1BSTDFIZDJSTU5wem9INDN1ZmlMQ0IrcDBzMjhsM1lLNHI2U2N5Tk9SMWozMUM2TVRWTnVYNzNOUHc1aWNwelhXVm1peGJpK3hmOUM2KzA4Y2tnM3NBL3NwQnBhRUVSSXAzdzduclRxUit0U0JVOTZKZVFHSEtuOW5Gdnpod0tYSUFxbFlXdzVK -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * hD0vF91znDZ51

URLs

http://avaddonbotrxmuyl.onion

Extracted

Path

C:\Users\Admin\Pictures\O6T8af_readme.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .aCdEdDadAC You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- Mzc3LVF3TXVlWko0dEJTbG9abno4Mm0yKy8vK2JNK080Q1FpRUw4anZRZW9oOCtRMHRBR1BaSXlsZ1VsYnpnMkZ0VHZFZDJSblcvWVdhUmFXVTk0YjdLZEZwek9yQXZaNVlNMmxnZTJPRWUwNlNzWHpuZUppSkFWYzZtSU1FUThrNFdwSEpCMDNtVzhPdHNZMEtVRkthMGwzVys2RkdPR3NkMWhjQ1ZmQmZJMEF1WE9heFpWMllITTRqb2l5Y3FJdlFPQ0VRaHBOd2NFU2xTKzJXL0xLdDN3cHQ5Y2w2elgwYWhpeFJLemp4QURjYjM5L3pCZC9Rc1ZONjBwZGxMRExoMllkd0xEamQ5OUlBZmwxRk40VmZZaElIQm9mU0dMSVZSK1pzV0xoQ3hTZVA3cEJsWkxWcXkzKzJUditZWkgrdUFiZmw1NTJwditKWU4rZEkwWlRtR01TTG1WWE5HanZFckNmUlplT01FK0NZRlZuK1ZJV1Q2UFJBNmt6aDRQemZKaFdhUkwvUUJEZ1lxQ3lGZTJYQURVK3pmYmpQOGN2clp3THBGbmw1SVVzVFJ5Q2ZVeG9SRjd0OFRiYklqWnVQYkVKZDk1TFVIT2Zrc1FCQnRaN2lsV0c4N0ovd3RLeTFHekZUOEJLUWsyNklBRlhMU3NHRklTRzNWR3Fmam03NHhIRjF2WnMzekFtcS92YXBoaHl5SjVORlV6cEkxWGdpNDl2Z1psNVY5d0JoZzBTV0FGTE9jZG1pckJXYllaZzNyZmtzMUhQTnJMRzhJSXM2U3IxVzhtQzVMUkpjTVRDMTFsOVd6c3FBWTIvdnV2Ti9GUmdTVXdaV0xPQzk0bUhqTkNMNHdMVHc0MU1XYkk4cGNTMjB6L0VOMW9MaitjaUxTTkZ0MzFwMmVoc1l1TGZLSjBRNjgyNUNBZWdBOGM0TGlPTytrVm0xU2lja1RLUzZ0T2JWYW9GRFVsanRFbXRzb1JhNnpTb2pZd1ZwSU81UTZBY3MvMlZNbTB3UzZpNzkwLzA3Q0l6TlBlOEhodlRDWGM1VVI4c0ZyYUl5S2tPSFFIRjBYZzVZOFo3WEUxOXhEdWZ6cG5Qa0oyblUxK0xiWWxSc3NFWnFBUjMxZWt4WFZvMEI2TnhuaEpwbmoxcTdQZE9jL2lPbUVpczRJZlNrYmRreDRMMklzN0hjWDNycVBIMWF2a2tFUitJNGRDNzRrNmFKdGlDZjdKYkt5Nk1lWkNNZFdCQkNJcTdqZ2Y2amJURXhXeTROQ2MydzJGdWxKY29MR2JIQ0kyays3MjJYT3lZWGNKVEgvcnpFaVZHWHJ4c2NsYjZnMjZMNDlYSmkyWVR3WTJvZXNpdHl4dTMzekE0NVIzZXd4Ny95VGRLRW9KbERWaUpqZGtUb2lIaEdmcUp0UnNjRThlaVNzd2dZZEQ3TXlqdWJQbGlmMTJBd1F1N29mdnVaZ2RnV1ErZ2xpU3NBNHEzY0g2SmJIRFdCQ1Z6ZFIwTzJXMG4vNzRUZ2xwM3R5eFdNYUk3TzZSTDBHUGdJdTQvMmlPVmdpVjU3ZXFKeWkwUGhiZWlGa0YySysxWlZEbTAzNzFWMFd6YlBwdXpjMStJc29vbWVmL1ozL3FwZXB5YmM0eEJXZnAxb1NBV2F4QTVkbEJDb1V1bEFlaHFDK3VVYUh4bmIyOXAwTXVpSGQxcXRQTlpJWFhwaXh5V0g5TDZnOVlZRXNsbmg1MW9pQkhmbTk1cGZ3eXJib0tIeTN5SGNzSE94S1BKU0psZUJEUHhodmpQYngzdzZrd3YxTFE3R3RINHlrR0thM3VtYktsTWs3MC9Ba0FLd2F0T3JTckxhdUNpMTMydkxWZnhhQXoxRzR0aldrbXIxZTFIRzJhdUlqMjUxRnBJR1kxd0xFaXhCbzNjV003K3NiRmI1T054bXluczVSNGhCelEzZ2YzeGdjWTRyOWwzNCs4cXBubVN1dlY4UkdtZmhMMDFJRnpQOUFqM2hhQndxOEg4SEY5V0grQUVhY0FqY0ZqMmpBS2dyS1BSTDFIZDJSTU5wem9INDN1ZmlMQ0IrcDBzMjhsM1lLNHI2U2N5Tk9SMWozMUM2TVRWTnVYNzNOUHc1aWNwelhXVm1peGJpK3hmOUM2KzA4Y2tnM3NBL3NwQnBhRUVSSXAzdzduclRxUit0U0JVOTZKZVFHSEtuOW5Gdnpod0tYSUFxbFlXdzVK -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * XLbIaLondpHetLIH

URLs

http://avaddonbotrxmuyl.onion

Targets

- Target
  
  c7c9f8f68348fbd26aae20c9ccb1aefd1cfce63897efa4c64abe7ac480253259.exe
- Size
  
  4.8MB
- MD5
  
  affa6575a3ff529c583fab38ff9f59e5
- SHA1
  
  a4d2dde718cc10d6ac12e4ec1f602a1050746aa5
- SHA256
  
  c7c9f8f68348fbd26aae20c9ccb1aefd1cfce63897efa4c64abe7ac480253259
- SHA512
  
  c7ea550c214c3d4cf0686f50e2644b6fe569397bc1d4b0363da173e9a9889ce290f33f6a4e9215aba6cf1deef0be73abdf4b44a8070204d75868d845b34a8767
- SSDEEP
  
  98304:bw3OKBzMFxybbbbpNGWeEi4DtrRKm40djW1mGaHBad6s:bw3y6bbbbpNYwDdjW1zqEn
Score

10^/10

avaddon evasion ransomware themida trojan
- Avaddon
  Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
  ransomware avaddon
- Avaddon payload
- UAC bypass
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Renames multiple (155) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2